From: Pritha Srivastava Date: Thu, 16 Feb 2017 05:03:34 +0000 (+0530) Subject: rgw: Replaced rgw userid with tenant in ARN for Roles. X-Git-Tag: v12.1.0~10^2~82^2~5 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=405c2012bcd6c4e5995448bf3f8b7428d010e21c;p=ceph.git rgw: Replaced rgw userid with tenant in ARN for Roles. Signed-off-by: Pritha Srivastava --- diff --git a/src/rgw/rgw_admin.cc b/src/rgw/rgw_admin.cc index 0612cfc691c..fd1100f3255 100644 --- a/src/rgw/rgw_admin.cc +++ b/src/rgw/rgw_admin.cc @@ -2814,15 +2814,6 @@ int main(int argc, const char **argv) ++i; } } - if (tenant.empty()) { - tenant = user_id.tenant; - } else { - if (user_id.empty()) { - cerr << "ERROR: --tenant is set, but there's no user ID" << std::endl; - return EINVAL; - } - user_id.tenant = tenant; - } if (args.empty()) { return usage(); @@ -2862,6 +2853,15 @@ int main(int argc, const char **argv) } } + if (tenant.empty()) { + tenant = user_id.tenant; + } else { + if (user_id.empty() && opt_cmd != OPT_ROLE_CREATE) { + cerr << "ERROR: --tenant is set, but there's no user ID" << std::endl; + return EINVAL; + } + user_id.tenant = tenant; + } /* check key parameter conflict */ if ((!access_key.empty()) && gen_access_key) { cerr << "ERROR: key parameter conflict, --access-key & --gen-access-key" << std::endl; @@ -4593,10 +4593,8 @@ int main(int argc, const char **argv) return 0; case OPT_ROLE_CREATE: { - string uid; - user_id.to_str(uid); - if (role_name.empty() || assume_role_doc.empty() || uid.empty()) { - cerr << "ERROR: one of role name or assume role policy document or uid is empty" << std::endl; + if (role_name.empty() || assume_role_doc.empty()) { + cerr << "ERROR: one of role name or assume role policy document is empty" << std::endl; return -EINVAL; } /* The following two calls will be replaced by read_decode_json or something @@ -4613,7 +4611,7 @@ int main(int argc, const char **argv) return -EINVAL; } string trust_policy = bl.to_str(); - RGWRole role(g_ceph_context, store, role_name, path, trust_policy, uid); + RGWRole role(g_ceph_context, store, role_name, path, trust_policy, tenant); ret = role.create(true); if (ret < 0) { return -ret; diff --git a/src/rgw/rgw_rest_role.cc b/src/rgw/rgw_rest_role.cc index 31d8e996c66..36e1787f57a 100644 --- a/src/rgw/rgw_rest_role.cc +++ b/src/rgw/rgw_rest_role.cc @@ -77,9 +77,7 @@ void RGWCreateRole::execute() if (op_ret < 0) { return; } - string uid; - s->user->user_id.to_str(uid); - RGWRole role(s->cct, store, role_name, role_path, trust_policy, uid); + RGWRole role(s->cct, store, role_name, role_path, trust_policy, s->user->user_id.tenant); op_ret = role.create(true); if (op_ret == -EEXIST) { diff --git a/src/rgw/rgw_role.cc b/src/rgw/rgw_role.cc index 9ccc20e70e3..b718aa9d62b 100644 --- a/src/rgw/rgw_role.cc +++ b/src/rgw/rgw_role.cc @@ -78,7 +78,7 @@ int RGWRole::create(bool exclusive) id = uuid_str; //arn - arn = role_arn_prefix + uid + ":role" + path + name; + arn = role_arn_prefix + tenant + ":role" + path + name; // Creation time real_clock::time_point t = real_clock::now(); diff --git a/src/rgw/rgw_role.h b/src/rgw/rgw_role.h index f8a60a4c568..861a797662b 100644 --- a/src/rgw/rgw_role.h +++ b/src/rgw/rgw_role.h @@ -17,7 +17,7 @@ class RGWRole string creation_date; string trust_policy; map perm_policy_map; - string uid; + string tenant; int store_info(bool exclusive); int store_name(bool exclusive); @@ -33,13 +33,13 @@ public: string name, string path, string trust_policy, - string uid) + string tenant) : cct(cct), store(store), name(std::move(name)), path(std::move(path)), trust_policy(std::move(trust_policy)), - uid(std::move(uid)) { + tenant(std::move(tenant)) { if (this->path.empty()) this->path = "/"; }